Southern California -- this just in

JPL computers hacked repeatedly in 2010 and 2011, NASA report says

March 2, 2012 | 9:07
pm

Hacker attacks have repeatedly penetrated NASA computers in the past, stealing user information from dozens of employees and gaining control over key networks at the Jet Propulsion Laboratory in La Cañada Flintridge, according to a federal report.

In written comments submitted to Congress this week, NASA Inspector General Paul K. Martin noted that between 2010 and 2011 the agency reported 5,408 computer security breaches, resulting in the spread of destructive software or unauthorized access to computer systems.

The inspector general also noted that NASA was victimized 47 times in 2011 by particularly stealthy and sophisticated attacks from well-funded sources hoping to steal or modify computers without detection. One such attack involved hackers from Chinese Internet addresses gaining access to networks at JPL.

Martin noted that intruders “gained full access to key JPL systems and sensitive user accounts,” allowing them to alter files, user accounts from mission critical JPL systems and upload tools to steal user credentials. “In other words, the attackers had full functional control over these networks," Martin wrote.

In a 2009 attack, an Italian hacker appears to have gained access to a pair of computer systems supporting NASA's Deep Space Network, a series of powerful antennae operated by JPL and based partly in the Mojave Desert. NASA officials assured Martin that critical space operations weren’t at risk.

Martin said the agency was plagued by hackers with a variety of backgrounds: individuals trying to boost their skills by attempting to break into NASA computers; criminal groups mining information for profit; and possibly state-sponsored attacks from foreign countries. Suspects have been arrested in China, Estonia, Great Britain, Italy, Nigeria, Portugal, Romania and Turkey.

Martin testified before Congress on Wednesday, using the report to back his statements. He urged increased NASA vigilance regarding cyber-attacks, warned of the agency’s slow pace of encryption for laptops and mobile device, and highlighted shortcomings in continuous security monitoring at NASA.

NASA spends more than $1.5 billion a year on information technology, including about $58 million for security, according to the report, which cautioned that those figures may not represent the full cost of expenditures because of the way the agency bundles funding.